Sucuri Website Firewall (WAF)

Website Firewall (WAF)

Most website hacks come from insecure code being exploited. The attack vector is hidden within the millions of lines of code that make up your website. When a security flaw becomes known, all vulnerable websites can be compromised within a very short time frame.

You need lightning reflexes and robust defenses to prevent hackers from infecting your website. By taking away the methods used to crack your insecure code, the malware author’s attempts become useless. Eliminate all website security vulnerabilities and replace them with a blocking page for anyone who dares to exploit them.

Blocking All Vulnerability Exploits

Whether it is zero-day exploits or ancient security patches, Sucuri makes it impossible to take advantage of vulnerabilities in website code. Their Website Firewall uses a whitelist methodology that renders these flaws useless to attackers. Their expertise is wide ranging, and they dedicate significant resources daily to analyzing the latest trends and innovating new technology.

Sucuri can withstand many vulnerabilities and environments

Compatible with Webhosting.net

Any CMS or Custom Setup

Zero-Day Exploits

Cross Site Scripting (XSS)

Remote File Inclusion (RFI)

Local File Inclusion (LFI)

SQL Injection Attacks

Cross Site Request Forgery (CSRF)

Login Form Bypassing

Out-Of-Date Software

Insecure Plugins

Vulnerable Themes

Bad GET or POST Methods

Insecure Direct Object Reference

Drupalgeddon

Heartbleed

Bash Bug / Shellshock

POODLE

Malicious HTTP Requests

Remote Code Execution

Malformed Cookie Requests

How Sucuri Website Firewall Prevents Exploitation

The Sucuri Website Firewall employs a proprietary virtual hardening and patching technology that allows you to stay ahead of the latest website threats. The technology is built such that it allows the team to respond within minutes of Zero Day events when they occur. Staying true to the core of the company, the Sucuri Website Firewall has been built through years of analysis and significant investments in research of existing and emerging threats. This level of internal commitment allows them to build the best and most effective solution to protect websites from today’s top threats.

Multi-Layer Filtering

To protect our clients against these exploits, Sucuri employs a solution that uses heuristic and signature based techniques. Incoming traffic is sanitized before reaching your website. If there are patterns matching an attack, or if the behavior looks out of place, Sucuri blocks it before sending the good traffic back to you.

Pattern Recognition

Inbound traffic to your site usually matches a standard pattern based on the visitor’s HTTP request headers. A good example is SQL Injection attacks. A successful attack requires an attacker to send certain chunks of data in predictable ways. Like every programming language, SQL must respect certain syntax rules. Sucuri can flag these quite easily by looking for matches such as:

If it does, are the last few characters some SQL escaping sequences? (–, /*, #).

There are many other attack scenarios like this for for SQL, and the same applies for cross-site scripting (XSS) and local and remote file inclusion (LFI/RFI).

Virtual Website Patching

In these specific cases, the Sucuri research lab will analyze a particular bug to understand how it works in order to list every single place or context in which it can be used. From there, the Sucuri Website Firewall can draw a clear distinction between the normal traffic going to the faulty component, and malicious requests.

Vulnerable Outdated Software

If existing detection signatures are unable to separate legitimate requests from malicious ones, our heuristic detection and auditing will flag new samples for research. The new signature is quickly analyzed and decoded. In a recent vulnerability that the Sucuri research team discovered and disclosed responsibly, the exploit used a base64 encoded string to send its malicious payload, which is hard to detect as it only contained random alphanumeric characters. To detect it, the Website Firewall was set to review different elements such as the size of the particular parameter:

The length of the request should not normally be more than ~200 characters.

Malicious requests would use a few thousands characters to bypass the application’s execution flow.

Requests over 10000 characters are able to get a full Remote Code Execution script working.

How Sucuri Website Firewall Protects Against DDoS / DoS Attacks

To protect against these attacks, Sucuri employs a multi-layer filtering solution and works with top Internet Service Providers (ISP) around the world, to ensure adequate bandwidth is available to respond when there is a need.

See What Happens When Your Site is Being Attacked

Layer 3/4 Attacks

Layer 3 / 4 attacks are often volumetric, they are designed to flood, saturate, your network with so much traffic the only option is failure. This fight is achieved through Sucuri’s ability to handle the incoming throughput. Sucuri achieves this by partnering with top providers around the world (e.g.., Amazon AWS, Google CE and OVH) to provide them with all the bandwidth they need. This provides them hundreds of gigabytes per second of available pipe, allowing them to sustain and mitigate a large subset of volumetric attacks. Because Sucuri does not manage all of their infrastructure, they are able to quickly scale and respond based on needs.

UDP DoS Attacks

Sucuri’s response to DNS Amplification attacks are very similar to Layer 3 / 4 Attacks, but because of their configuration, Sucuri is especially suited for these DoS attack types. None of their reverse proxies are configured to allow anything but HTTP / HTTPS traffic through the end point (your web server). This approach allows them to mitigate attacks based on UDP quickly and efficiently. All UDP attacks are blocked at the edge, meaning they never come close to touching your web server, this greatly reduces the noise large amplification attacks introduce during an attack.

Layer 7 / HTTP floods

Layer 7 attacks are a bit more complex and require a more refined touch when it comes to mitigating. Because Layer 7 attacks often mask themselves with what would otherwise be categorized as legitimate traffic, Sucuri have built technology that allows them to analyze all incoming traffic for anomalies and respond accordingly. Their technology makes use of heuristic and signature based techniques, allowing them to quickly mitigate any incoming Layer 7 DoS attacks.

Website Firewall Advantages for DDoS Protection

Global, distributed network with 28 points of presence

Use of anycast for both DNS and HTTP/HTTPS

Protection from all types of DDoS attacks

Expertise from protecting over 1 million businesses

No limit on attack size

Predictable pricing; pricing not based on attack size

Uptime guarantee

Legitimate traffic can still access your content

Prevent Hackers From Breaking Into Your Website

Your website is under constant attack from hackers trying to log into your website? Every website with an admin panel experiences malicious login attempts.

The pace of technology has made it simple to program ways to guess your login and password. Limiting login attempts is not the answer. You need to stop anyone from accessing your admin page if they aren’t supposed to be there.

Blocking All Brute Force Attacks

Using a combination of detection methods and whitelisting, the Sucuri Website Firewall is able to stop brute force attempts in their tracks. Whether using bad bots, scanning tools, or semi-manual methods, you can stop unauthorized login attempts on your critical website access points. Save your website users from having credentials stolen and used for malicious purposes.

Three Main Software Vulnerabilities

Zero-Day Attacks

When a critical security flaw is newly discovered, it is known as a Zero Day. The moment that it is disclosed to the public, cybercriminals get busy pummelling the internet in search of potential victims. Even if the software developer quickly releases a patch for the flaw, the time it takes to update can often be too late. Drupalgeddon only took 7 hours to infect a million websites. The Sucuri Website Firewall will protect your website around the clock and let your system administrator get a good night’s sleep.

Outdated CMS, Plugins, and Themes

Your website is made up of the themes, plugins, core, and custom files that live on your server. If a patch is released but you cannot update, then your website becomes an easy target. Even if you can update, it can be difficult to react swiftly. Developers also abandon projects and stop updating with security fixes, leaving your website vulnerable to exploit. With virtual patching you can buy yourself some time in the update process.

Common Vulnerabilities and Exposures (CVE)

Attackers look for any way to take advantage of weaknesses in the code that you rely on. With a rise of critical technology, malware authors have more incentive to exploit the fundamental pieces of code that are beyond your control. The entire foundational stack that your website rests on includes server software like Linux, Apache, PHP, and MySQL (LAMP) as well as ASP, Nginx, cPanel, Plesk and more. These get hacked too. Unless defenses can react to a new vulnerability quickly, your website could be leaking data or could be used for malicious purposes.

Solution for eCommerce

Criminals will attempt to exploit your website and take advantage of sensitive customer information. Your online business is crucial, and getting hacked is not an option. From infections that intercept payment processes, to getting blacklisted and losing loyal customers, no eCommerce website can afford the time and stress of dealing with the aftermath of an intrusion. The Sucuri Website Firewall has Professional and Business plans available that support your SSL certificate. A Website Application Firewall is one of the main requirements to becoming PCI compliant, and not without good reason.

Distributed Denial of Service
(DDoS) Mitigation

DoS / DDoS attacks have increased in popularity. They are easy to employ and highly effective in causing your website harm. The goal is to disrupt your business by taking your website offline. Stay ahead of these attacks.

Layer 7 HTTP Flood Attacks

DNS Amplification Attacks

SSDP Attacks

Brute Force – Protection and Prevention

Regardless of platforms, attackers are looking to hack your website by any means possible. One very popular technique employs a concept known as Brute Force attacks. This technique is antiquated, yet highly effective. Basically it tries every possible combination of username and password against your login panel to guess the right combination, in turn gaining access to your website.

Throttling of Access Attempts to Entry Points

Brute Force Attacks Against WordPress, Joomla and Others

Introduction of IP Whitelisting Access Features

Stop Website Attacks and Hacks

The biggest contributing factor to website hacks today comes from insecure code. With enough time, and new techniques, attackers find ways to exploit weaknesses in code. The Website Firewall helps stop these vulnerabilities from being exploited.

SQL Injection Attacks

Cross Site Scripting (XSS)

Stop Hackers Exploiting Software Vulnerabilities

Malware Prevention

No one wants to know that their website is being used to infect online visitors; whether it’s to install a Trojan or something similar onto their computer, or steal credentials for their social platforms (i.e., Facebook, Twitter, etc.).

Stop Your Website From Getting Infected

Prevent Google Blacklists

Protect Your Brands Reputation

Zero Day Immediate Response

Zero Day attacks have been around since the beginning of the security industry. They signify the moment where vulnerabilities are disclosed and a patch is not available. It’s the moment where you and your website are at the greatest risk. Our Website Firewall allows us to virtually patch your environment within minutes of a Zero Day attack being disclosed.

Virtual Hardening

Virtual Patching

Protection in the Cloud

Performance Optimization

The biggest concern with security implementations is always the impact to the website’s performance. Rest assured that with our Website Firewall, you experience dramatic increases in performance, not just in how your website loads for your clients, but in the load placed on your web server.

Restore Your Brand’s Reputation

Reduced Load on Infrastructure

Improved Website Performance

Simple Configuration

The beauty of the Sucuri Website Firewall is that it works across all platforms, including today’s most popular brands – WordPress, Joomla!, Drupal, vBulletin and many more. It supports Apache, NGINX, and Windows web servers as well. It was built with the end-user in mind, allowing for quick and easy deployments.

Making your site faster

After you add your site to CloudProxy it becomes, in average, at least 50% faster. Depending on your CMS and settings, it can be 2x or 3x faster than before. Not only that, but it also reduces the load and bandwidth utilized on your server infrastructure.

How Does Sucuri Make Your Site Faster?

The Sucuri team is paranoid over performance and they use multiple techniques to make your site faster. They know that security is only useful if it doesn’t affect the user experience.

These are some of the key elements

High Performance Servers – The best of breed servers, on multiple data centers throughout the world.

Smart Caching – Speed up your site with several levels of caching available.

High Performance And Global Network – With nodes on the USA (East, Central and West), Canada, Europe (UK and France), Asia (Japan), Brazil and Australia.

One-click SPDY Support – You can enable SPDY (SPeeDY) support on your sites directly from their dashboard.

One-click GZIP Support – You can enable GZIP (compression) support on your sites.

And these are just some of the techniques that Sucuri have in place to improve the speed of your site.

30 Day Money Back Guarantee

We back all of our award winning hosting solutions with a 30 day money back guarantee. Rest assured we work hard to provide you with exceptional performance and reliability that has become synonymous with Webhosting.net.